Project

General

Profile

Actions
Copy link

Feature #2931

open
ER ER

Perform privdrop without libcap-ng support

Feature #2931: Perform privdrop without libcap-ng support

Added by Emmanuel Roullit almost 7 years ago. Updated over 6 years ago.

Status:
New
Priority:
Normal
Assignee:
Emmanuel Roullit
Target version:
TBD
Effort:
Difficulty:
Label:

Description

Some platforms might not have libcap-ng support which disables the "run-as" configuration option and leaves the user with no other options but to run suricata with elevated privileges.

We created a changeset which allows to drop privileges despite the lack of libcap-ng support.

It lets the main thread perform initialization with the needed elevated privileges and drops them, by using setresuid(2) and setresgid(2), right before the SuricataMainLoop() is entered.

There is a caveat, which has been documented in the changeset, RUNMODE_AFP_DEV requires elevated privileges to allow the packet acquisition threads to reopen an AF_PACKET socket.
To guard against this, suricata will not start and inform the user libcap-ng support is required when the following requirements are met:
- libcap-ng support is disabled
- uid or gid change requested
- RUNMODE_AFP_DEV main run mode detected

Does other runmodes such as RUNMODE_PFRING and RUNMODE_NAPATECH would require similar guard as well?

Related issues 1 (1 open0 closed)

Related to Suricata - Feature #276: Libcap support for dropping privilegesNewCommunity TicketActions
Actions
Copy link

Also available in: PDF Atom